diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c6235a7..9ca65d4a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,26 @@ # Changelog +## 11.0.0 (unreleased) + +- Add conversions between `Algorithm` and `KeyAlgorithm` +- JWKs can now be created from `DecodingKey`s, creation from `EncodingKey` and `DecodingKey` supports Ed25519 now as well +- BREAKING: `Algorithm` and `EllipticCurve` are now `non_exhaustive` +- BREAKING: `Header.extras` is now a struct that allows for deserialization to any `T` +- BREAKING: Removed implicit features resulting from optional crates +- BREAKING: `Validation.insecure_disable_signature_validation` has been removed. Use `dangerous::insecure_decode` instead +- BREAKING: `EncodingKey.inner` has been renamed to `as_bytes`, `try_get_hmac_secret` has been removed. +- BREAKING: `DecodingKey.as_bytes` and `try_get_hmac_secret` have been removed, use `try_get_as_bytes` instead + +### Changes for `CryptoProvider`s + +- When constructing HMAC signers, the algorithm family must now be verified on construction +- `JwkUtils` has been renamed to `KeyUtils` + - `compute_digest` now returns a `Result<_>` + - `extract_rsa_public_key_components` has been renamed to `rsa_pub_components_from_private_key` + - `rsa_pub_components_from_public_key` has been added + - `extract_ec_public_key_coordinates` has been renamed to `ec_pub_components_from_private_key` + - `ed_pub_components_from_private_key` has been added + ## 10.4.0 (2026-05-11) - Fix incorrect encoding for Ed25519 JWK thumbprints @@ -45,7 +66,6 @@ - Supports deserialization of unsupported algorithms for JWKs - ## 9.0.0 (2023-10-16) - Update ring @@ -56,13 +76,11 @@ - Update base64 - Implement Clone for TokenData if T impls Clone - ## 8.2.0 (2022-12-03) - Add DecodingKey::from_jwk - Can now use PEM certificates if you have the `use_pem` feature enabled - ## 8.1.1 (2022-06-17) - Fix invalid field name on OctetKeyParameters @@ -76,9 +94,8 @@ - Fix documentation of leeway - ## 8.0.0 (2022-02-02) - + - Add EdDSA algorithm - `sign`/`verify` now takes a `&[u8]` instead of `&str` to be more flexible - `DecodingKey` now own its data @@ -115,7 +132,7 @@ - Add support for PS256, PS384 and PS512 - Add support for verifying with modulus/exponent components for RSA - Update to 2018 edition -- Changed aud field type in Validation to `Option>`. Audience +- Changed aud field type in Validation to `Option>`. Audience validation now tests for "any-of-these" audience membership. - Add support for keys in PEM format - Add EncodingKey/DecodingKey API to improve performance and UX @@ -154,6 +171,7 @@ ## 3.0.0 (2017-09-08) ### Breaking changes + - Remove `validate_signature` from `Validation`, use `decode_header` instead if you don't know the alg used - Make `typ` optional in header, some providers apparently don't use it diff --git a/README.md b/README.md index 97951ac2..38c7b66a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Add the following to Cargo.toml: # You will have to select either `aws_lc_rs` or `rust_crypto` as backend if you're not using your own jsonwebtoken = { version = "11", features = ["aws_lc_rs"] } # If you do not need pem decoding, you can disable the default feature `use_pem` that way: -# jsonwebtoken = {version = "10", default-features = false, features = ["aws_lc_rs"] } +# jsonwebtoken = {version = "11", default-features = false, features = ["aws_lc_rs"] } serde = {version = "1.0", features = ["derive"] } ```